author Johnathan Ritzi <jrdioko@gmail.com> 2011-07-25 04:08:25 +0000
committer Johnathan Ritzi <jrdioko@gmail.com> 2011-07-25 04:08:25 +0000
commit d3d1403341ef7e23bacd9c7a050c8ab9440f40dd
tree 14e7f555ab9811c8023f034d3f926cb9d868d623 /doc/narrative_introduction
parent cc66711b5ffbd5381bba2eed3439e858a0405e14
Clarify fixed issues in packages
Mention that the CVE description isn't enough, and that the Debian package should be double-checked before assuming that an issue is fixed in a particular version. If someone wants to elaborate on how to double-check, I think that would be useful.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@16979 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- doc/narrative_introduction 5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index 3d15102b55..7b3409a12f 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -211,6 +211,11 @@ CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users
with any Admin ...)
- gallery 1.5-2 (medium)
+Even if the CVE description mentions it is fixed as of a particular
+version, double-check the Debian package yourself (because sometimes
+the CVE descriptions or information from databases like Secunia is
+incorrect).
+
If it hasn't been fixed, we determine if there has been a bug filed
about the issue, and if not, file one and then note it in the list
(again with a severity level):
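Review bot: The added paragraph after the "- gallery 1.5-2 (medium)" example tells the reader to double-check the Debian package but does not say what to check, so a newcomer following this introduction still has no procedure for confirming that the version they record really contains the fix. Suggest following it with a sentence naming the evidence that counts, for example the package changelog or the patched source of the version being noted in the list. The parenthetical also reads awkwardly ("descriptions or information ... is incorrect"); something like "because CVE descriptions and databases like Secunia are sometimes incorrect" would be clearer and could drop the parentheses.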
